historical-financial-ratings

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The installation and configuration guides (README.md, references/mcp-setup.md) instruct users to run npx -y octagon-mcp. This downloads and executes code from an external provider (OctagonAI) that is not on the trusted sources list.
  • COMMAND_EXECUTION (MEDIUM): The skill setup requires running shell commands that involve setting environment variables and spawning processes (npx, cmd /c set). These commands facilitate the execution of the external MCP server.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8). It accepts user input for parameters like TICKER and Records and interpolates them directly into a natural language prompt for the octagon-agent tool.
      • Ingestion points: TICKER and Records variables in SKILL.md workflows.
      • Boundary markers: None. Input is concatenated into a string: "Retrieve historical financial ratings... for <TICKER>, limited to <N> records."
      • Capability inventory: The octagon-agent tool possesses broad capabilities including financial scraping and deep research.
      • Sanitization: No evidence of input validation or escaping before interpolation.
  • EXTERNAL_DOWNLOADS (LOW): The setup instructions for macOS suggest installing Homebrew via curl | bash. While this is a high-risk pattern (RCE), Homebrew is a trusted source, resulting in a downgrade to LOW per the [TRUST-SCOPE-RULE].
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:21 PM